Combining the Counterintelligence Security Model with Enterprise Rights Management Technology
Your data may be secure when it is at rest or in storage. It may be secure when it is in motion inside and outside the enterprise. However, do you know if it is secure when used by an authorized user? Most companies cannot answer this question.
The reality is that data breaches occur at an alarming frequency and with a huge impact, especially when you consider how quickly unstructured data multiplies within the routine operation of most organizations. Unfortunately, even a single breach or data leak can cause egregious harm to a corporate brand and reputation – and cost millions of dollars in remediation, competitive loss, legal fees and regulatory fines. In 2008, the average cost of a data breach was $6.65 million according to a study by PGP Corporation and Ponemon Institute. The US Chamber of Commerce estimates that intellectual property loss accounts for $250 billion per year.
That is why information security management is a serious business mandate. It is a moving target, driven by both business innovation and threat innovation. Compounding this challenge are the escalating demands of citizens, consumer groups and government legislators for dependable security.
In other words – it is imperative to get information security right. Enterprises cannot afford to let mission critical information or privacy-protected data walk out the door, and unfortunately no company is immune from insider fraud and malicious leaks of confidential information. As reported by Gartner, 84% of all security breaches come from an insider, so truly effective solutions must keep insiders honest and trustworthy. Trade secret theft and economic espionage are among the many other internal and external attack methods, and the volume of such attacks has grown significantly in recent years.
Therefore, enterprise security solutions must be smarter and more dynamic to provide real protection, improve operational efficiencies and reduce cost. The best approach would include intelligent unstructured data management strategies that effectively combine counterintelligence methodologies with an enterprise rights management (ERM) technology platform. A hybrid solution such as this means risk is truly minimized without compromising collaboration and performance.
The Challenge of Unstructured Data Security
Arguably the largest problem most enterprises face is unstructured data security. A company’s unstructured data and documents represent a treasure trove of free-flowing ideas, innovation and often sensitive information that is not properly managed. Think of the hundreds of data types stored in documents such as PDFs, Microsoft Word and PowerPoint files, emails, web pages, scanned documents and audio or video files. These data forms are multiplying rapidly, as is the volume of data contained.
This kind of information also provides a competitive advantage that can be legally protected as a trade secret if it is properly identified and managed. Under the Sarbanes-Oxley Act, trade secrets are treated as financial assets, which means that if they are lost, stolen or compromised, a ‘material change’ has occurred and investors and shareholders must be notified. Similarly, when privacy-protected information is stolen or compromised, federal and state regulatory laws come into play. If you are in charge, you are accountable.
So how big is the challenge? Studies continue to show that unstructured data represents 85% of a company’s overall data, and more than 50% of it is sensitive or mission critical. The vulnerabilities resulting from the mismanagement of unstructured data are a key factor in the enterprise information security question.
To handle the problem, counterintelligence methods should be integrated into any information security management approach. The goal is to get inside the activity stream of an enterprise, to identify threats and vulnerabilities, and to close gaps and strengthen the security culture so it becomes more preventative, preemptive and predictive. The counterintelligence model is developed by first conducting a review of policies, procedures and work practices, and it takes seven important categories into account: HR, organization, assets, process, technology, physical risk and performance. However, an optimal solution entails more than just this: it combines the counterintelligence model with an enterprise rights management (ERM) technology platform.
Choosing the Right Platform: Enterprise Rights Management (ERM) Technology and Data Loss Prevention (DLP)
Two predominant technology platforms have emerged to secure unstructured data, information and content: Data Loss Prevention (DLP) and Enterprise Rights Management (ERM). DLP solutions are reactive and presume that critical data and information assets within the enterprise environment are unknown. Detection rules (patterns, keywords, fingerprints) must then be created to identify such information so that security policies can be enforced at the points where data leaves the enterprise. Essentially, security stems from minimizing the opportunity for sensitive information to leak from its source. ERM solutions, on the other hand, are proactive in nature and presume that critical information assets are known. Security policies that determine who may access those assets and what actions they may apply to them are easily enabled and transparently enforced.
Essentially, ERM changes the security paradigm. It enables people to share information in support of collaboration and productivity while at the same time providing dynamic centralized policy controls that persist beyond the firewall and wherever the data resides. Information stays encrypted wherever it is stored or sent; it is decrypted only transiently, in the memory of the local agent, for an action the policy permits. The processes are transparent to the end-user with no adverse effects to work practices.
To accomplish this level of information control, the ERM solution provides three types of security: protection, control and audit. The document and its content are encrypted while at rest, in-transit and while in use. Additionally, data on the clipboard is protected at all times. Enterprises control who has access to the data. ERM also ensures that audit capabilities track user attempts to access unstructured data and reports on what they have done after accessing it.
Better access and collaboration platforms generally provide better business results – but complicating this approach is the exponential increase in mobile devices, virtual workstations and the general portability of information. Forward-thinking enterprises must look for smarter ways to accomplish the dual goals of portability and security.
So what is the ERM Solution?
The ERM solution protects a file by encrypting it under a policy key that is held by the central policy server, not stored with the file. When the file is accessed, the local agent authenticates the user, obtains the key if the user holds rights under the policy, decrypts the file, and blocks any action that is not assigned to that user in the policy protecting the file. Because the key is never released to an unauthorized principal, documents remain protected on both sides of a firewall and can only be accessed by authorized users.
However, an effective ERM solution should also provide policy propagation. This means that when an authorized user accesses a file, functions like copy and paste, save as and PDF conversion remain available to the user, but the policy follows the content. Policy-protected content copied from a secure document and pasted into an unprotected document is re-protected under the source document's policy, so the paste cannot be used to strip the controls. This protection even transcends different applications, which represents real security in action.
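The following is an added example, not code from the article or from any ERM product, showing the three controls described above (protection, control, audit) and the policy-propagation behaviour of a protected clipboard excerpt. All names (PolicyServer, Agent, ProtectedDocument, the action vocabulary, the policy id and the sample document text) are constructed for illustration; the stream cipher built from HMAC-SHA256 is a stand-in so the example runs with the Python standard library only, and a real system would use an authenticated cipher such as AES-GCM.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Hypothetical action vocabulary; a real ERM product defines its own.
ACTIONS = {"protect", "view", "copy", "save_as", "print"}


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode, XORed over the data.
    Illustrative only; use AES-GCM or similar in a real implementation."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


@dataclass(frozen=True)
class ProtectedDocument:
    """The protected file as it travels: ciphertext, integrity tag and the id of
    the policy it is bound to. The policy key itself never leaves the server."""
    policy_id: str
    nonce: bytes
    ciphertext: bytes
    tag: bytes


class PolicyServer:
    """Central policy store: policy keys, per-principal rights and the audit trail."""

    def __init__(self) -> None:
        self._policies: dict[str, dict] = {}
        # (user, policy_id, action, granted) for every attempt, granted or not
        self.audit: list[tuple[str, str, str, bool]] = []

    def create_policy(self, policy_id: str, rights: dict[str, set[str]]) -> None:
        self._policies[policy_id] = {"key": secrets.token_bytes(32), "rights": rights}

    def request_key(self, user: str, policy_id: str, action: str) -> bytes:
        """Release the policy key only if `user` holds `action` under the policy."""
        policy = self._policies.get(policy_id)
        allowed = policy is not None and action in policy["rights"].get(user, set())
        self.audit.append((user, policy_id, action, allowed))
        if not allowed:
            raise PermissionError(f"{user} may not {action} under {policy_id}")
        return policy["key"]


class Agent:
    """Local ERM agent: seals on protect, unseals only for a permitted action,
    and re-seals derived content (e.g. a clipboard excerpt) under the same policy."""

    def __init__(self, server: PolicyServer, user: str) -> None:
        self.server, self.user = server, user

    @staticmethod
    def _seal(key: bytes, policy_id: str, plaintext: bytes) -> ProtectedDocument:
        nonce = secrets.token_bytes(16)
        ct = _keystream_xor(key, nonce, plaintext)
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return ProtectedDocument(policy_id, nonce, ct, tag)

    def protect(self, plaintext: bytes, policy_id: str) -> ProtectedDocument:
        key = self.server.request_key(self.user, policy_id, "protect")
        return self._seal(key, policy_id, plaintext)

    def open(self, doc: ProtectedDocument, action: str) -> bytes:
        """Decrypt for `action`; raises PermissionError on denial, ValueError on tampering."""
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r}")
        key = self.server.request_key(self.user, doc.policy_id, action)
        expected = hmac.new(key, doc.nonce + doc.ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, doc.tag):
            raise ValueError("document has been tampered with")
        return _keystream_xor(key, doc.nonce, doc.ciphertext)

    def copy_excerpt(self, doc: ProtectedDocument, start: int, end: int) -> ProtectedDocument:
        """Policy propagation: the clipboard never holds plaintext; the excerpt is
        re-sealed under the source policy, so pasting it elsewhere keeps the controls."""
        key = self.server.request_key(self.user, doc.policy_id, "copy")
        plaintext = _keystream_xor(key, doc.nonce, doc.ciphertext)
        return self._seal(key, doc.policy_id, plaintext[start:end])


def attempt(agent: Agent, doc: ProtectedDocument, action: str) -> tuple[str, bytes | None]:
    """Outcome of one access attempt: ('granted', plaintext), ('denied', None)
    or ('tampered', None). Convenient for reporting without exceptions."""
    try:
        return "granted", agent.open(doc, action)
    except PermissionError:
        return "denied", None
    except ValueError:
        return "tampered", None
```

In this model the control point is key release: the agent cannot perform an action the server has not authorized because it never receives the key for it, and every request, including the denied ones, lands in the audit trail. The excerpt produced by copy_excerpt carries the same policy_id as its source, which is the property the article calls policy propagation.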
The bottom line is that an optimal scenario enables people to share information in collaborative and highly distributed work environments, while at the same time securing the information through dynamic centralized management controls that persist beyond the firewall. This is a daunting task, and the key is fusing together a solution that encompasses technology, security and people.
ERM solutions close a huge gap in vulnerability by providing security to data in use, a state that perimeter, storage and transport controls have had no way to secure. According to Gartner, it will not be long before enterprise rights management is adopted as a default solution – another mega-trend in security evolution. Benefits of this solution include granular control over the actions that may be applied to data, data sharing that remains protected, detailed visibility into the enterprise’s data flow, and more.
The Benefit of a Counterintelligence Model
In government, counterintelligence is the function of identifying and stopping foreign spies and terrorists. Every terrorist attack, for example, is preceded by an intelligence operation in which attackers gather information that is then used to develop and execute their plan. Agents must get inside the intelligence stream to stop the attack before it occurs. The same is true of commercial enterprises: security professionals must get inside the activity stream to identify and close gaps that put the enterprise at risk.
A counterintelligence officer or group collaborates with security stakeholders across the enterprise yet operates with autonomy to provide independent oversight and segregation of duties in security management. Its purpose is to identify internal and external threats to mission critical assets. The formulation of a risk treatment strategy is derived from an assessment and comprehensive analysis of policies, procedures and work practices.
Data leakage occurs with alarming frequency not because organizations lack security policies and procedures, but because they fail to adequately train their employees, monitor their actions and enforce policies when they are violated. Counterintelligence takes a lead role in assuring that security is executed according to plan. Among other tasks, it develops specialized training as a requirement for persons with access to sensitive assets, monitors operations for compliance and assures that enforcement practices are fair and consistent. A good defense is a strong offense.
Bringing It All Together
A plan that combines ERM and the Counterintelligence Model (CM) is optimal. Enterprises can glean business intelligence, extract unrealized value, and bring order and security to an otherwise vast sea of unstructured chaos and risk.
For a solution that incorporates ERM and CM, discovery is the first step: identifying the data and information assets the enterprise holds. However, not all unstructured data is worth protecting, so the next step, assessment, determines the risk to the enterprise if the security of each asset is compromised. What is worth protecting must then be identified, classified and labeled to reflect its designated security handling requirements. This stage, called defining, identifies the critical information assets, processes and applications that are vital to competitive advantage, innovation, profitability, corporate governance and regulatory compliance; the labels assigned here are what the ERM policies will later enforce. The next step is creating a plan that combines the discovery, assessment and defining processes. The plan should also include a management plan and schedule, vision and deployment strategy, current-state risk assessment review and implementation roadmap. Finally, the enterprise is ready to enter the implementation phase, which includes carrying out the first stages of the plan, training personnel and configuring the new settings. Because security is a process that requires continuous review, analysis and improvement, improvement must be sought during every step.
Conclusion
In today’s distributed business models and ever expanding chain-of-trust, there are no guarantees when it comes to security. But one thing is for sure—companies cannot afford to get data protection wrong. Good security is ubiquitous and occurs long before the end-user is granted access to critical information assets. By combining enterprise rights management with the counterintelligence security model, organizations can raise the bar on security management to unparalleled heights.
Rather than protecting the information ‘container’ alone, it is now possible to embed security into the information itself. When this occurs, an organization’s prescribed information access and use privileges can be centrally managed, monitored, and enforced when the data is at rest, in motion, or in use. Ultimately, this means that senior executives can roll the dice and take a gamble that point solutions will be sufficient, or they can adopt a holistic approach and get it right—Rights Managed that is.
Bryan Reynolds is co-founder and managing partner of Sitrof Technologies, a document management and data protection consultancy. Reynolds brings more than 15 years of experience in enterprise content management, business workflow, imaging, records management and knowledge management. breynolds@sitrof.com
